Anshunkang Zhou

**Name of the Vulnerable Software and Affected Versions** dmg2img versions through 20170502 **Description** A flaw was found in dmg2img where it did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data, which might be used in a chain of vulnerability to reach code execution. The exploitation of this flaw could allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For versions through 20170502, as a temporary workaround, consider restricting the use of the main() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dmg2img versions through 20170502 **Description** A flaw was found in the `fill mishblk()` function, which does not check the length of the read buffer and copies 0xCC bytes from it. The length of the buffer is controlled by an attacker, allowing for a potential memory layout information leak by providing a length smaller than 0xCC, causing `memcpy` to reach out of the malloc'ed bound. This could be used in a chain of vulnerabilities to reach code execution. The exploitation of this flaw may allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For versions through 20170502, consider disabling the `fill mishblk()` function until a patch is available to prevent potential memory layout information leaks and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.